Press release: US companies ahead of their European counterparts in cyber security readiness, survey reveals

News

Press release: US companies ahead of their European counterparts in cyber security readiness, survey reveals

DC14-051 (12 February 2014)

But many board level executives around the world still failing to address cyber security Hacktivism and malicious insider threats (intentional leaks) perceived to be on the rise

Four in 10 (41 percent) of US business leaders consider cyber security as a major priority, compared to just 20 percent in Europe and 30 percent globally, research from BT has revealed.

The research, which assessed attitudes to cyber security and levels of preparedness among IT decision makers, highlights that European businesses are lagging behind their US counterparts in crucial areas. In the US 90 percent of organizations are able to measure the return on investment (ROI) of cyber security measures, compared to just over half in Europe (58 percent). Similarly, 86 percent of US directors and senior decision makers say they are given IT security training, compared to just 44 percent in Europe.

Respondents that believe their CEO’s attitude towards cyber security is “protection against cyber-attack is an absolute priority” by country (BASE: all respondents)

Globally, more than half (58 percent) of IT decision-makers stated that their boards underestimate the importance of cyber security. This figure increases to 74 percent in the US but drops to 50 percent in Europe.

The difference in levels of preparedness correlates with attitudes to threats. Non-malicious insider threats (e.g. accidental loss of data) are the most commonly cited security concern globally, being reported as a serious threat by 65 percent of IT decision makers. In Europe this figure falls to 56 percent and is followed by malicious insider threats (53 percent), hacktivism (48 percent), organized crime (38 percent) and nation states (31 percent).

In the US, the proportion of IT decision makers who see non-malicious insider threats as a severe threat increases to 85 percent and is followed by malicious insider threats (79 percent), hacktivism (77 percent), organized crime (75 percent), terrorism (72 percent) and nation states (70 percent).

Globally, over half of IT decision makers believe that hacktivism (54 percent) and malicious insider threats (53 percent) will pose a greater risk over the next 12 months. In the US this increases to 73 percent and 74 percent respectively, compared to 39 percent and 38 percent in Europe. Globally, terrorism is seen as the threat least likely to pose more risk over the next 12 months.

Cyber security threats posing risk now and posing more risk over the coming year (BASE: all respondents)

Mark Hughes, CEO of BT Security, said: “The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organizations globally. The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organizations exposed to a myriad of internal and external threats – malicious and accidental.

“US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.”

In response to emerging threats, three quarters (75 percent) of IT decision makers globally say they would like to overhaul their infrastructure and design them with security features from the ground up, while 74 percent would like to train all staff in cyber security best practice. Similarly, just over half (54 percent) say they would like to engage an external vendor to monitor the system and prevent attacks.

Hughes added: “As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and educate their people in the IT department and beyond. The stakes are too high for cyber security to be pushed to the bottom of the pile.”

“At BT we help our customers identify and understand the risks and vulnerabilities as well as their critical assets. We provide them with best of breed portfolio, intelligence services plus dedicated subject matter experts to help them put the right security measures in place to mitigate cyber threats.”

About the research

This research was undertaken by Vanson Bourne for BT in October 2013. Five hundred interviews were carried out with IT decision makers in medium to large sized enterprise organisations across seven countries – UK, France, Germany, USA, Brazil, Hong Kong and Singapore – and in a range of sectors – finance, pharmaceutical, retail and government.

Additional stats

Type of threat

Global

US

In your view, how severe are the following threats to your organisation? Percentage of respondents that selected “severe risk” or “very severe risk”

How will the severity of the following threats change over the next 12 months? Percentage of respondents that selected “more risk” or “significantly more risk”

In your view, how severe are the following threats to your organisation? Percentage of respondents that selected “severe risk” or “very severe risk”

How will the severity of the following threats change over the next 12 months? Percentage of respondents that selected “more risk” or “significantly more risk”

Non-malicious insider threat (e.g. accidental loss of data)

65%

51%

85%

73%

Hacktivism

63%

54%

77%

73%

Malicious insider threat (e.g. intentional leaks)

63%

53%

79%

74%

Organized crime

53%

47%

75%

67%

Nation state

45%

39%

70%

66%

Terrorism

39%

38%

72%

74%

BT Security

BT Security is building on 70 years’ experience of helping organizations around the globe and across all sectors get ahead of the threat curve and reduce the uncertainty and complexity of security. We provide an end-to-end capability to help organizations enjoy higher levels of security at a time when security budgets are not keeping pace with the threat landscape.

The sophistication of our security operations means that we think about the assets, the people, and the processes, and combine these with both network and security intelligence to help our customers stay ahead of the security risks. BT Security protects both BT and its customers. These customers are advised by a global team of 1,300 security practitioners, 600 global security specialists and a professional services team of approximately 4,000.

About BT

BT is one of the world’s leading providers of communications services and solutions, serving customers in more than 170 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed/mobile products and services. BT consists principally of four lines of business: BT Global Services, BT Retail, BT Wholesale and Openreach.

For the year ended 31 March 2013, BT Group’s reported revenue was £18,103m with reported profit before taxation of £2,315m.

British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York.